| Import a certificate from a CA | |||
|
| GO | |
|
This topic describes the steps to import a certificate from a Certification Authority (CA).
This can be a:
Certification authority root certificate
Signed certificate.
The Lucent CM system requires a signed certificate in the ASCII - PEM format. Importing a signed certificate in any other format will fail.
The certificates must be available in the /opt/lps/current/sbin/ directory.
A signed certificate can only be imported if the certification authority is trusted. To define a certification authority as trusted, the certification authority root certificate must be imported.
CAUTION
Service-disruption hazard
All applications servers in the Lucent CM system are stopped and restarted when importing a certificate. Service is temporarily denied to all users.
Import a certificate before the system carries live traffic or during a maintenance window.
Perform the following steps to import a certificate from a CA:
1 |
Login to one of the Lucent CM nodes as “root”. | ||||||
2 |
Execute the set certificate script. Enter the command: sudo -u lps /opt/lps/current/bin/setcert.sh | ||||||
3 |
Select n when prompted to generate a key to send to a certification authority. | ||||||
4 |
| ||||||
5 |
Enter the following information: Result: The owner, issuer, serial number, valid time and security fingerprints of the certificate display | ||||||
6 |
Enter Yes to trust this certificate. Result: The certificate is added to the keystore and the certification authority is now trusted. | ||||||
7 |
| ||||||
8 |
Enter the following information: Result: The Lucent CM application nodes are restarted with the new keystore and the new certificate is used on the Lucent CM system. End of steps |
|
|
GO | |
|
| © Lucent Technologies | |||